If the issue is the CA is untrusted and you are in an app making your own https or SSLSocket connections, you should be able to make your own TrustManager that trusts whatever CAs you like. See http://developer.android.com/reference/javax/net/ssl/HttpsURLConnection.html for an example. If you give me a server name, I could check the server configuration. Sometimes earlier versions of Android were particular about not including unneeded root CAs or bridge CAs in the server certificate chain. These issues were fixed in 3.0, but could be worked around in 3.0, again a custom TrustManager might help, allowing you to discard unneeded certs from the chain.
-bri On Wed, Jun 20, 2012 at 11:48 AM, Michael Potter <[email protected]> wrote: > Sorry, I accidentally typed Verizon when I meant to type Verisign. > > I will round up the list of devices/versions everyone has tested on. > I am not the OP, so the Android 1.6 does not apply to me. > > My phone is 2.3.6 Gingerbread.UCLA3. > I did not trap the network traffic on my phone, but I have the same > behavior as the phone that did trap the network traffic. I will post > that phone's version later. > > I need to support versions prior to 2.3, so I am interested in > suggestions to solve this problem by changes to the server > configuration. I cannot tell my users to update their phones. > > I will post more information after I gather it from the other people > working on this problem. > > -- > potter > > On Wed, Jun 20, 2012 at 2:28 PM, Brian Carlstrom <[email protected]> wrote: > > I guessing that the "Android 1.6" in the user agent string implies a > Donut > > device. It is very possible that CA is not trusted. I did a major update > to > > the CA list in 2.3 Gingerbread. Have you tested in new releases in the > > Android SDK emulator to see if that is the problem? If the CA truly is > > Verizon, I don't think any stock Android device has trusted such as CA, > > although its possible your Verizon provide server certificate is issued > by a > > trusted CA. > > > > -bri > > > > On Wed, Jun 20, 2012 at 4:46 AM, Michael Potter <[email protected]> > wrote: > >> > >> I am getting this same error while doing a https POST to a SOAP service > in > >> javascript. > >> I am using iphonegap to package the html/js into a android .apk file. > >> > >> This is only a problem on Android, iOS and Adobe Air do not have problem > >> accessing the service. > >> Our server certificate came from Verizon. > >> > >> Was there any resolution to the error below? > >> > >> -- > >> potter > >> > >> On Monday, May 10, 2010 6:57:25 AM UTC-4, mikiso wrote: > >>> > >>> Hi, > >>> > >>> When I access a website(mail.myserver.com) from default browser, > >>> android shows a message like > >>> "browser cannot establish secure connection" and then aborted. > >>> I took tcp packets between a browser of Android SDK and the server. > >>> > >>> Server → Client : Certificate, Server Hello Done > >>> Client → Server : Client Key Exchange, Change Cipher Spec, Encrypted > >>> Handshake Message > >>> Server → Client : Change Cipher Spec, Encrypted Handshake Message > >>> Client → Server : [ACK] > >>> Client → Server : Encrypted Alert > >>> Client → Server : [FIN, ACK] > >>> Server → Client : [FIN, ACK] > >>> > >>> It seemes that the Android browser send an error as "Encrypted Alert" > >>> to the server. > >>> > >>> FYI,the certificate of the server defines "mail.myserver.com" as CN > >>> and the following DNS > >>> names as subject alternative name. > >>> * pop.myserver.com > >>> * mail.myserver.com > >>> * imap.myserver.com > >>> > >>> I don't know if this is related to the case, but I can access site > >>> with a simple certificate and > >>> at that time client can send "Application Data" to the Server > >>> instead of "Encrypted Alert. > >>> > >>> Has anyone faced the same problem? > >>> All of the android phones launched in Japan is affected by this > >>> problem. > >>> One of the user-agent of the default browser is: > >>> Mozilla/5.0 (Linux; U; Android 1.6; ja-jp; SonyEricssonSO-01B Build/ > >>> R1EA018) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile > >>> Safari/525.20.1 > >>> > >>> Regards, > >>> Soichiro Miki > >>> Hitachisoft Zimbra Support > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "Android Security Discussions" group. > >> To view this discussion on the web visit > >> https://groups.google.com/d/msg/android-security-discuss/-/3PpbvQ0ldDIJ > . > >> To post to this group, send email to > >> [email protected]. > >> To unsubscribe from this group, send email to > >> [email protected]. > >> For more options, visit this group at > >> http://groups.google.com/group/android-security-discuss?hl=en. > > > > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
